Adobe Analytics and ITP

In September 2017, Apple introduced a feature to Safari 11 called Intelligent Tracking Prevention (ITP). This feature reduces cross-site tracking by further limiting cookies and other website data. It uses machine learning technology to determine which cookies to accept or remove, and when to do so. In June 2018, Apple released an updated ITP 2.0 which further restricts cross-site tracking.

Analytics visitor ID methods and ITP

Adobe Analytics uses cookies as a basis for visitor identification on the web. The domain these cookies are set on varies depending on the implementation method. There are typically four methods for cookie domains used for an implementation:

1st-party cookies: The visitor ID cookie is set on the same domain as the site via a CNAME record. For example, when visiting example.com, the cookie resides on metrics.example.com. The CNAME record then directs the data to Adobe's data collection servers.

If all cookies are set and referenced strictly in a 1st-party manner, no impact is expected.

3rd-party cookies: The visitor ID cookie is set on Adobe-owned domains dedicated for tracking. For example, when visiting example.com, the cookie resides on omtrdc.net or 2o7.net.

In March 2018, Adobe stopped issuing 3rd-party Safari cookies across all implementations, forcing the AppMeasurement library to revert to a first-party fallback cookie.

Before Adobe's action to prevent these cookies from being set, 3rd-party cookies were inconsistently handled in terms of their acceptance and removal. Cookies were often removed mid-visit, causing visits and visitors to split mid-session. Due to the machine learning behavior of ITP, Adobe was unable to effectively quantify the impact or anticipate future adjustments.

Friendly 3rd-party cookies: Used primarily by organizations with multiple domains that want to use a single visitor ID across all tracked sites. For example, an organization that owns both example.com and example.net could store the cookie on metrics.example.com. When visiting example.net, the cookie on metrics.example.com would be considered a friendly 3rd-party cookie.

ITP 1.0 allowed cookies set in a friendly 3rd-party context to be available for 24 hours. If the user did not visit the domain the cookie was set on for 30 days, the cookie was deleted. ITP 2.0 no longer allows these cookies to stay for any amount of time.

Adobe Experience Cloud ID service: The Experience Cloud ID service can set 1st-party cookies of the domain visited. In addition to the 1st-party Analytics visitor ID, an extra 3rd-party Audience Manager cookie is set on demdex.net to facilitate cross-site tracking.

ITP does not affect the 1st-party Analytics ID cookie.

As with other 3rd-party cookies, the Audience Manager cookie is handled inconsistently and can be removed mid-visit.

Mitigating ITP impact

Adobe strongly recommends the use of 1st-party cookies through the Experience Cloud Visitor ID Service. Using Adobe Launch provides a seamless way to use the ID service. CNAME records can also be used for legacy implementations.

On March 20, 2018, Adobe started blocking all 3rd-party cookies being set on Safari 11 to mitigate impact on 3rd-party cookie implementations. This action forces all Safari 11 visitors to resort to using the fallback method (fid cookie). Since the fallback cookie is 1st-party, it is at much lower risk of being deleted mid-visit.

ITP 2.0

In June 2018, Apple introduced ITP 2.0, built upon the intelligent tracking protection features released the year prior. Because Adobe forces a fallback cookie (which is first-party) on all Safari browsers, no additional impact is expected. While tracking per domain is relatively unaffected if using first-party cookies, cross-site tracking must be opted into by the visitor.

Fallback and implications

ITP directly impacts the retention of the opt-out cookie. Apple automatically deletes the cookie set to prevent reporting on data, effectively opting the user back in to tracking.